MD5 of exe/dlls are different after rebuild

Question

I am wondering if I can make the MD5 for a dll/exe consistant after a new build?

Every time I rebuild my project and get a different MD5 with the tool "Microsoft File Checksum Integrity Verifier".

I found some articals about the issue, someone said it was due to the timestamp on the head of PE32 file. I have no knowledge about it. Please could anyone help? Thank you in advance!

Below is how I get the MD5 sum. The MD5Compare.exe are exactly the same except that they are not created in the same build.

C:\Users\Administrator>fciv.exe D:\Lab\MD5Compare\MD5Compare\bin\Debug\2 -wp MD5
Compare.exe
//
// File Checksum Integrity Verifier version 2.05.
//
5cdca6373aca0e588e1e3df92a1d5d0a MD5Compare.exe

C:\Users\Administrator>fciv.exe D:\Lab\MD5Compare\MD5Compare\bin\Debug\2 -wp MD5
Compare.exe
//
// File Checksum Integrity Verifier version 2.05.
//
cf5caace5481edc79fd7bf3e99b48a5b MD5Compare.exe

Answer 1

No, the checksum has to be different because the data in the file has actually changed, even if no code has - no functional difference in compilation been made, no new features added to the assembly - since the timestamp of the build, for one, will be different.

So you need to take into account metadata here, and how it is stored/affects the properties of a file on a file system, and therefore integrity checks.

Answer 2

Please consider what MD5 is supposed to do: It's supposed to ensure that nobody has changed your files on a binary level. It's supposed to ensure that your file is exactly the same. Having multiple builds (different files) have the same MD5-checksum would defeat the purpose of having MD5.

If you can change the files while the checksum stays the same, so could hackers.